DORA: Fundamentals, Risk Management, and Organizational Readiness

• Understanding the DORA Regulation: Explanation of key concepts and principles outlined in the regulation, enabling participants to fully comprehend its objectives and scope of application.
• ICT Risk Assessment and Management: Acquiring the necessary skills to identify, assess, and manage risks related to Information and Communication Technologies within the organization.
• ICT Incident Management: Mastering the processes related to identifying, classifying, and responding to ICT incidents, thereby enhancing the organization’s ability to minimize their impact.
• Supplier Risk Management: Developing competencies in evaluating and monitoring external suppliers, which is essential for ensuring operational security and continuity.

This specialized cybersecurity training is tailored for employees at various management levels within the company, who are involved in protecting data and IT systems. It is specifically aimed at individuals responsible for meeting the requirements of the DORA Regulation. The course is also open to members of legal, IT, and security departments, as well as anyone wishing to deepen their knowledge and skills in the field of cybersecurity.

The training is conducted in Polish. There is a possibility of organizing the training in English upon request.

Achieving effective training outcomes is possible through selecting the appropriate topics and training methods tailored to the participants’ specific needs and the subjects being addressed. Below, we present the methods and techniques we employ:

LECTURE
We deliver knowledge to participants using dedicated teaching aids, such as multimedia presentations. This is the foundation of the training, introducing the topic, discussing key concepts, and outlining roles, processes, and procedures.

PRACTICAL EXAMPLES
As practitioners, we base our training programs on real-life incidents tailored to specific problems. We assist participants in independently arriving at conclusions and solutions. Our training is highly focused on practical applications and skill development.

DISCUSSION
Participants express their opinions and share experiences. A well-structured discussion topic often generates significant emotional engagement through the confrontation of differing viewpoints. This enables the development of common solutions or the preparation of arguments on a given subject.

BRAINSTORMING
We generate a multitude of ideas and solutions in a short time for specific problems or scenarios. This method engages participants, stimulating creative thinking and innovation.

EXERCISES
Practical tasks related to the training subject, such as process creation or case study analysis, effectively complement lectures and practical examples.

TESTS
We assess the participant’s knowledge and skills to identify competency gaps and appropriately plan the educational process to enhance their abilities. Depending on the training’s nature, this can be done using various tools, such as knowledge tests or performance evaluations.

SIMULATIONS
Simulations provide a realistic experience where participants actively engage and witness the consequences of their actions.

SUMMARY
At the end of each topic, we summarize the covered material. This activity, led by the trainer, highlights the key points of the subject matter while allowing participants to assess their understanding.

TOMASZ PTAK

A graduate of Law from the University of Silesia in Katowice. Certified Lead Auditor ISO 27001. For over a decade, he has been conducting training in personal data protection. Currently, he focuses primarily on training and consulting with an emphasis on security and cybersecurity.

He provides advisory and training services for implementing, improving, and optimizing information security systems based on the most popular international standards. Tomasz has conducted dozens of audits in the fields of information security and cybersecurity and around 200 training sessions on personal data protection.

An expert in the areas of information security, cybersecurity, and personal data protection.